Management of Financial Institutions, Prof. Young-jin Kim RISK MANAGEMENT OF INTERNET BANKING IN KOREA, INDONESIA, AND NEW ZEALAND 2011-11214 YEONHA KIM 2014-81791 SUJIN KIM 2014-81824 MEGA PUSPITA PERTIWI
Management of Financial Institutions, Prof. Young-jin Kim
RISK MANAGEMENT OF INTERNET BANKING
IN KOREA, INDONESIA, AND NEW ZEALAND
2011-11214 YEONHA KIM
2014-81791 SUJIN KIM
2014-81824 MEGA PUSPITA PERTIWI
i
INDEX
I. INTERNET BANKING
A. The Increasing Importance of Internet banking
B. The Function of Internet banking
1. Internet Banking’s function in Korea
2. Internet Banking’s function in Indonesia
3. Internet Banking’s function in New Zealand
C. New Issues
D. Internet banking Risks
1. Transactional Risks
2. Compliance Risks
3. Reputation Risks
4. Information Security Risks
II. RISK MANAGEMENT
A. Korea
B. Indonesia
C. New Zealand
III. CONCLUSION
BIBLIOGRAPHY
1
I. INTERNET BANKING
A. The Increasing Importance of Internet banking
Internet banking is one way to perform banking transactions and has simplified the
transaction process, increasing both accessibility and availability for the customer. Internet
banking is the use of internet, as a remote delivery channel for a wide range of banking
services including opening a deposit account, electronic bill presentation and payment,
transferring funds among different accounts, and so on (Kim, 2003).
Internet banking has significant role in cost reduction and efficiency in banking firms. It cut
the cost of activities that need physical assistance that usually demand higher fees. It is also
the source of productivity gain as employees doesn’t need to interact more with other
employees and disturb each other work over a transaction problem because they can solve it
using their personal computer. Any delayed transaction or fraud also can be detected easily
and quickly using internet banking. In this dynamic world where everything is connected and
borderless caused by internet, internet banking is a convenience thing for customer. However,
internet banking also has several drawbacks and risks that have to be well managed by
banking firms.
B. The Function of Internet banking
Broadly, the level of banking services offered through the internet can be categorized into
three groups based on accessibility. First, ‘Information-only systems’ or Level I system, are
general purpose information such as interest rates, branch location, bank products and their
features that can be found on the bank’s website (Internet Banking, 2008). Also, the
communication and queries are made through email. Such kind of function is static and does
not involve any backend database. At this stage, there is no interaction between the customer
and bank’s application system, or identification of the customer.
Next, ‘electronic information transfer systems’ or Level II systems are interactive in that they
provide the ability to transmit sensitive messages, files, or documents between the bank and
users (Internet Banking, 2008). These include customer-specific information like account
balances, transaction details, and statement of accounts, all fetched from the bank’s
application systems which are not directly accessible through the internet.
2
The third level of internet banking functions is called ‘fully-transactional systems’ and it
facilitates electronic funds transfer and other financial transactions, allowing the customers to
operate their accounts, ie ‘bi-directional’ capabilities (Internet Banking, 2008). This system
comprises technology covering computerization, networking and security, inter-bank
payment gateway and legal infrastructure and therefore requires high degree of security and
control.
This is an overview of the internet banking functionality-three categories for electronic
capabilities. The relevant services in three different countries-Korea, Indonesia, New
Zealand- have been compared in accordance with each level of functionality.
1. Internet Banking’s function in Korea
Internet banking in Korea is very well-developed. According to the Bank of Korea, 57.29
million online accounts (of 49 million population; multiple accounts are also counted) as of
September 2009, and 29.03 million transactions are recorded on average per day, with 30.17
trillion Won (Kim et al, 2011, p.1). Here, KB(Kookmin Bank) will be used as a benchmark of
Korean Internet Banking; following information can be found in KB Banking Website KB
star, https://www.kbstar.com/#.
a. Level 1 Systems
General information is well provided in almost all bank websites in Korea. KB website has
several information sections to communicate their services apart from transactions to
customers. KB provides information regarding products regarding Foreign Exchanges,
Annuities, Real estate, and there are several customer-based
variations including Rock-Star(for young adults) and Gold
& Wise(premium customer services). The website also
provides general information of bank including Investor
Relations information, Corporate Social Responsibilities
and Customer Services Centre. All of the services are also
presented in English, Chinese and Japanese.
What is noteworthy level 1 system of KB is that it has a
3
specialized website dedicated to providing general financial information and journals as well
as product information. It is called “KB Information Arena”(https://otalk.kbstar.com), and
provides e-Book services and its own Magazine article services.
b. Level 2 Systems
KB “transfers information” of accounts via internet banking.
There are three major sections in the KB accounts; Individual,
Corporate, and Golden Life Banking (for Senior citizens with
retirement purposes). Each section, once logged-in, enables
customers to check what kinds of accounts or products they
purchased and to be updated on their recent transactions
amount and remaining value of each account. This
information transference is available for Deposits, Funds, Loans, Insurance policies and
Trusts for all three sections.
c. Level 3 Systems
First, KB provides financial transferring services for customers, within and outside the Bank.
This process generally requires a hardcopy of “Security Card(보안카드)” with several
security codes printed on it. Customers need to enter a selected few numbers printed on the
card in order to finish the transfer; and sign the transaction with “Public Key
Infrastructure(공인인증서)”. This Public Key Certificate will be, on the latter parts of the
essay, the focal point of the Security risks in Korean Banking System. KB also provides
customers to further transfer public utilities charge via website. It requires KB accounts.
2. Internet Banking’s function in Indonesia
a. Level 1 System
Indonesia has 120 banks consist of 4 state owned banks and 116 private banks. Three (Bank
Mandiri, Bank Rakyat Indonesia, Bank Nasional Indonesia) out of four state owned bank are
in top 5th
largest bank in Indonesia with 33% market share. In term of internet banking, they
serve the customers with complete and convenience websites providing general information
needed. The complete and convenience website also provided by almost other banks. The
4
general information banks provide in their websites are product and service information,
foreign exchange, corporate governance, contact, investor relation, consumer banking, career,
news update about the bank, and many others. The service is provided only in two languages,
Indonesia and English.
Bank Mandiri, the largest bank in Indonesia, provides very complete features in its website
(http://www.bankmandiri.co.id/english/index.aspx). It provides explanation about the features
such as internet and mobile banking, ATM, and Mandiry Call; the consumer banking such as
Mandiri debit, prepaid, creditcard, loans, priority service, and payroll package; microfinance;
commercial banking’s information related to cash loan, cash management, trade finance and
services, etc. The customer is differentiated by two categories: personal and business. The
website also provides the news about banking firm, events and promotion, and also safety
guidance to inform customers about security issues.
b. Level 2 System
The customers of Bank Mandiri can access saving account (Mandiri Saving, Mandiri
Business Saving, Mandiri Dollar, Mandiri Planned Saving), Individual Giro (rupiah and other
foreign currencies), Deposit (rupiah and other foreign currencies), Credit Card and Individual
Loan Account only with one ID and password. Once they logged in, they can check their
balance, transfer money, pay bills, top up the mobile phone, plan for time deposits, change
PIN, managed transfer list history and plans, and change their personal settings.
c. Level 3 System
In using internet banking, customer doesn’t need to install any application. But, every
financial transaction should be accompanied with additional securing device named Token
(an additional securing device for financial transaction on Mandiri e-banking to enable
customer to conduct transaction by yielding always-change PIN (dynamic PIN) every time
the customer conducts financial transactions).
Every transaction will yield reference number to be used if a question emerges or a problem
occurs related to the transaction. If no activities exist for 10 minutes, system will
automatically log out customer’s access to prevent unauthorized misuse (bankmandiri.com).
Bank Mandiri use Security SSL 3.0 with 128-bit encryption system for their internet banking.
3. Internet Banking’s function in New Zealand
5
In New Zealand, there are five major banks; ANZ National, ASB, Bank of New Zealand,
Kiwibank, and Westpac all of which facilitate internet banking. According to data released by
Statistics New Zealand in 2013 (Canstar, 2013), approximately 2.05 million New Zealanders
use internet banking, up from 1.74 million in 2009. As demand for internet banking increases
in New Zealand, the banks attempt to differentiate their products and services in various ways.
a. Level 1 System
All of the NZ major banks’ websites display reports, banking products (deposits, loans,
insurance, mortgage, etc) along with their features and provide online tools to calculate
budgets, rates, fees, foreign exchange rates. Despite slight differences in the layout and
categories, all the banks have categorized the information into 3 main groups-Personal,
Business and Rural. ANZ has another section-Institutional where information on relationship
management and economics and market research is well displayed. Not only the online
display but also direct contact with customers contributes to delivering information in the
form of queries and replies. Canstar (2013) reported that ASB ranked as the best provider of
internet banking in New Zealand in 2013. The ASB website scored well for excellent online
help, chat and phone back up, and the ‘virtual branch’ allows Facebook users to chat in real
time with dedicated banking specialists, where they can make product enquiries, obtain
general advice on products, set up automatic payments and direct debits. These features
indicate that ASB has had a good focus on the communication with customers to deliver
general information more efficiently. The other banks also have an email system on their
website to interact with customers for the ‘information-only’ purpose.
b. Level 2 System
The electronic information transfer systems allow customers to see their account balances,
and transactions (checks written, purchases, transfers, etc) and to download transaction
information. The information at this stage is largely of the ‘read-only’ format. ASB’s internet
banking, FastNet Classic enables customers to view their account balances and transactions.
In specific, there is a FastNet Classic service called ‘Track My Spending’ which shows
customers where they spend their money. With this service, the customers can assign
categories to each of their transactions (e.g. Food and Groceries, Vehicle and Transport) and
see how it all adds up (Canstar, 2013). The other banks like BNZ and Kiwibank provide
similar services, YouMoney and Heaps! respectively. Identification and authentication of the
6
customer is through password. By logging into their account, customers are able to make
access to their accounts 24/7.
c. Level 3 System
At ‘fully-transactional’ level, customers are directly engaged in the performance of banking
transactions. According to CANSTAR’s research, the functionality of internet banking that
customers value most includes product applications, banking services, reporting, self-service,
communication and security, the majority of them being ‘level III system’ functions. Product
applications can be submitted by customers online. Through internet banking, the ASB
customers may open a new account (insurance, sharetrading, deposits, term deposits), apply
for loans, enroll for Kiwisaver scheme (NZ’s national pension), request an ASB PayTag (a
sticker that customers can put on their mobile phone to allow you to make contactless
payment), and open a new credit/debit card. At this level, internet banking users can not only
view their accounts but also interact with the data by rearranging, categorizing and tagging on
as well as store all the data, images, and reports for future references. For instance, the ASB
customers are able to categorize their spending while BNZ’s YouMoney enables customers to
personalize their accounts and payees with relevant images and set savings goals which can
be tracked at a glance by progressive bars (Canstar, 2013). The internet banking users can
make various payments, and transfer funds. The ASB internet banking users are able to make
one-off payments, pay bills and taxes, set up or cancel automatic payments, transfer money
between accounts, and order foreign exchange or transfer money overseas. Apart from these,
ASB facilitates the ‘online vault’ where customers can store their important information in
one place (ASB, n.d). To compare, the other major banks in New Zealand enable similar
functions through their websites and these functions are highly likely to be offered in other
countries as well. One caveat for New Zealand is that it is a multinational country where
people from all over the world move in to live. Therefore, most of New Zealand’s
commercial banks provide online migrant banking packages which enable users to open a
bank account before they arrive in New Zealand, make home loans, vehicle finance, online
international money transfer, and so on. Lastly, internet banking users should be able to
update their personal details without visiting a local branch. As this level of systems involves
bi-directional transactions from both customers and banks, online security is a major concern.
C. New Issues
7
Along with the increasing number of internet banking users, the significance of e-banking
risks is also highlighted. The major risk can be defined as information technology risks and
the magnitude of IT risks depend on the size of banks as small banks tend to purchase tested
technology or outsource, while large banks are likely to develop technology by themselves.
Due to unprecedented speed of technological change in the last decade, almost every industry
field has been encouraged to adopt technology and make technology investments which
indeed contributed to the firm’s increased capability to provide consistently high-quality
products and services, as outlined by the functions of internet banking.
However, technology investments lead to several financial risks such as credit risk, interest
rate risk, and liquidity risk (Richards, n.d.). Credit risk is the risk to earnings or capital from a
customer's failure to meet his financial obligations. Internet banking enables customers to
apply for credit from anywhere in the world. Banks will find it difficult to verify the identity
of the customer, if they intend to offer instant credit through the internet and the probability
of default could increase. Interest rate risk is caused by movements in interest rates. Internet
banking can attract loans and deposits from a larger pool of customers. Also, considering that
it is easy to compare rates across banks, pressure on interest rates is higher, accentuating the
need to react quickly to changing interest rates in the market. Liquidity risk is the risk from a
bank's inability to meet its obligations. Internet banking may increase deposit and asset
volatility, especially from customers who maintain accounts solely because they are getting a
better rate. These customers tend to pull out of the relationship if they get a slightly better rate
elsewhere. Due to the fact that all the financial risks are interrelated, careful control of each
risk factor is highly required. (Ramakrishnan, 2001)
In terms of operational risks, security is the most alarming issue. Security risks expose the
banking firm to malicious hacker or insider attacks, viruses, denial-of-service attacks, data
theft, data destruction and fraud. The speed of change of technology and the fact that the
internet channel is accessible universally makes this risk especially critical. Therefore, the
need for banks to assess and manage security risks is becoming even more crucial.
D. Internet banking Risks
1. Transactional Risks
Transactional risk refers to the “recent and potential peril to income and investment coming
up from hoax, blunder, disregard and the incapability to sustain anticipated service intensity”
8
(Osunmuyiwa, 2013, p.52). Income and investment risks, in other words, refers to the
business risks. Business risks are likely to increase with internet banking products; intricate
internal controls and interfaces are needed as well as regular accesses, which may increase
the possibilities of blunder. Non-refutation of transactions and the ability to guarantee data
are also needed (Osunmuyiwa, 2013, p.52).
Moreover, as internet banking has detailed system, there are possibilities for errors in system
links and procedures also (Osunmuyiwa, 2013, p.52).
2. Compliance Risks
Compliance risk refers to the “recent and potential peril to income and investment arising due
to the inability to conform to, or infringements of, decrees, guidelines and moral values”
(Osunmuyiwa, 2013, p.52). Compliance risk is correlated with banks’ reputation as well as
financial fatalities. Ruined reputation will result in lower status in comparison with
competitors and reduced business opportunities (Osunmuyiwa, 2013, p.52). As banks have to
consciously regard their operating countries’ laws and regulations, if banks’ customers are
located in more than one country, this risk increases. As for Internet banking, there are
several new regulations and laws pertaining the area; financial institutions need to address
this risk.
Keeping customer information confidentiality is the key of compliance risks; they have to ask
for customer permission before complying to the various regulations, or tax practices, by
providing information. Customers appear to be “highly apprehensive” to their financial data
confidentiality (Gunajit and Pranav, 2010).
3. Reputation Risks
Reputation risk is the “risk to income and investment caused by unenthusiastic public view”
(Osunmuyiwa, 2013, p.52). Defective internet banking transactions can undermine banks’
reputation; “restricted accessibility and reduced reaction” are examples of defective internet
banking (Osunmuyiwa, 2013, p.52). Customers are also indifferent to banks’ perils; they are
demanding, regardless of actual risks banks face with Internet banking.
4. Information Security Risks
Information security risk is “risk to income and investment arising due to negligent data
safekeeping procedures, consequently revealing the organization to scam, information
obliteration, virus, information thieves, vicious hacker, insider attacks and Denial-Of-Service
9
(DOS) attacks” (Osunmuyiwa, 2013, p.52). As internet is an open system, anyone can reach
the online channel of banking system, thus heightening the peril. Online frauds, in turn, result
in increased complaints filed by the banks.
II. RISK MANAGEMENT
Risk management is a process of identifying, analyzing, evaluating, and monitoring risks to
mitigate or prevent loss. The process of risk management consists of five key steps; identify
risks, evaluate the weight of risks (frequency and severity), develop and select the method to
manage risk, implement the method, and monitor the risk management method implemented.
Risk management in banking firms follows the same process and principle in general risk
management. In banking firms risk management consist of board management oversight,
security control, and legal and reputation risk management.
A. Korea
The most noteworthy risk that has arisen from internet banking in Korea would be
Information Security Risks and Reputation Risks. However, it is neither because of open
nature of Internet, nor the lack of conscious efforts against possible informational breaches. It
is a government regulation which reinforces closed security system for internet banking.
1. Regulations and Security Risks
The Korean government has enforced “Public Key Infrastructure”(PKI) by “Digital Signature
Act”, which “guarantee the interoperability of digital signature and encryption algorithms for
all electronic transactions processed in Korea” in 1999 (Kim et al, 2011, p.1). These
encryptions are normally provided by the banks as “external plug-ins”. These plugins are all
based on the dominant browser of the time, Internet Explorer (IE), and in turn lock the
customers in for the browser.
As for PKI, it is a digital certificate issued by the government Certificate Authority stored in
the user’s hard disk or portable USB storages. The general transaction process runs as follows:
1) customer log-in with ID and PW 2) selected digits from an indexed Transactional
Authentication Number(iTAN) from security card are entered 3) PKI requires a private key to
sign the transactions. “A secure authenticated channel, SAC, is established” and this process
10
requires the aforementioned external plug-ins (Kim et al, 2011, p.3). The plug-ins also
include security updates to continuously retain safe user platform. As communication channel,
the Internet, is frequently affected, banks provide updated plug-ins for their customers to
download whenever there is a new threat, a new malware. Anti-virus program, personal
firewall, keystroke encryption plug-ins are some of the most common examples of such
services (Kim et al, 2011, p.4).
(If customers first enter the Website for Internet banking, they encounter the security program
installing page as above: Woori Bank, accessed at 12th
Dec. 2014)
However, these intricate, detailed designs turned out to be not so effective. Kim et al.(2011)
states five possible causes for the ineffective security systems in Korea: 1) private keys can
be easily hacked by malwares when the security is “only as good as their password”, 2) user
interface is weak and does not provide trustworthy keypad, 3) external plug-ins are not
invincible, 4) while browsers like Chrome are providing additional security features, Korean
users are tied to IE, 5) Koreans do not use wide-used protocols and therefore have little
security proofs (pp.5-7).
In October 2014, an alteration of the Electronic Transactions Law has been passed. This law
abolishes the “mandatory use” of PKI; banks will have to come up with other security
measures to replace PKI. In doing so, they have remarkable chance to manage security risks;
if some of them come up with even better solution to the PKI problems stated above, they
will pre-empt the competitive advantage in the realm of Information Security risks. Financial
Institutions ought to make alliance with IT innovators to further take advantage of this
regulation change.
11
2. Reputation Risks
PKI-based system of Korean Internet banking system has been very complicated. According
to Kim et al.(2011)’s research, 70% of Korean Internet banking customers have answered
that they would choose other countries’ internet banking services over Korea’s mainly
because it’s simpler. 30% that preferred Korean system did say that Korean service feels
more secure (p.8). However, it is problematic for internet banking reputation. Furthermore,
considering that external plug-ins have to be reinstalled for each bank’s online transactions, it
can be inferred that customers will likely use only a couple of internet banking system if at all.
Now that PKI regulation has been removed, banks will have to go through severe competition
in order to solicit customers with new transaction systems. Reputations, as well as IT
innovations stated in the previous security risk management analysis, will play a huge role in
this solicitation competition.
Kim et al.(2011)’s research also reveals that younger, better-educated customers have used
foreign banking services. About 50% of them use browsers like Firefox and Chrome for
general web-browsing activities apart from internet banking; they turn out to be tech-savvy. It
is also revealed in the research that these young respondents are security sensitive too; most
of them have own anti-virus software and firewall. These customers, however, says that
external plug-ins are too extensive and should be optional (68.7%), and have experienced
installation failures (83.7%) (p.9). It is clear from the research that young customers have
experienced foreign online services, and have better impression on them rather than on
Korean online systems.
Reputation risks come from defective online transactions, which include limited
accessibilities. Traditional Korean internet banking has had restricted customer accessibilities
using too many external plug-ins and binding them to IE browser. With the new regulation
coming, banks will have to attract younger, tech-savvy customers with simpler, open system
and better online reputations.
B. Indonesia
Despite of its convenience access in bank website and do financial transaction, the internet
banking user is Indonesia is still low compare to the huge population. In 2012, the internet
banking user was 6 million, only 3% of 250 million populations. And it was 9% of total 63
million internet users (Indonesia Internet Service Provider Association). The government and bank
in Indonesia keep trying to increase the number of internet banking users. Since 2013, the
12
internet banking transaction has shifted the credit card and ATM transaction that was the
biggest transaction (Sharing vision, 2014). But, Indonesia still struggle in dealing with IT
system risk.
IT system risk in Indonesia is a really big issue. Indonesia is primarily a target for less
sophisticated cybercrimes in which the attackers prey on the lack of awareness among people
to seek financial gain. Indonesia ranked tenth in Symantec's global list as the country
accounted for 2.4% of the world's cybercrimes in 2011 (Canning, 2013). There are lot cases
of theft through internet banking and credit card use in Indonesia. In the middle of 2012, the
central bank, Bank Indonesia received 1,009 reports of payment fraud in electronic banking
involving credit card and internet banking with total loss $254,000. This is because the
system failed to identify and validate the customers. Up until the end of 2013, operational
risk due to lack of talent and IT system risk remained the biggest challenge in banking firms
(PWC, 2013).
To manage this risk, many banking firms are investing on IT system that provides more
securities. The central bank also orders all banking firms to use standardize system ruled in
Peraturan Bank Indonesia (Bank Indonesia Law) and Surat Edaran Bank Indonesia (Bank
Indonesia Circular Letter). Bank Indonesia also order banking firms to always improve the
risk management and good corporate governance.
C. New Zealand
Banking in New Zealand has undergone a substantial transformation in the last 20 years,
followed by an increased focus on risk management. Technology innovations, especially
through electronic banking system have contributed to more sophisticated risk management,
but they also imply that the failure or malfunction of technology may be a greater source of
potential risks including compliance and reputation risks (Reserve Bank of New Zealand,
2004).
In New Zealand, one way to control compliance risks on internet banking is self discipline
through a good corporate finance. This measure has improved the overall risk management in
bank, but self discipline is likely to be less effective as problems within a bank start to arise,
which implies the need for regulatory intervention. The Reserve Bank of New Zealand, NZ’s
central bank is the one who monitors all the other banks throughout the nation. According to
13
part 5 of the “Reserve Bank of New Zealand Act 1989”, the Reserve Bank is entitled to
supervise banks for the purposes of “promoting the maintenance of a sound and efficient
financial system and avoiding significant damage to the financial system that could result
from the failure of a registered bank” (Reserve Bank of New Zealand, 2004). The Reserve
Bank of New Zealand plays an important role as a delegated monitor, ensuring that the banks
abide by all the related regulations such as Privacy Act and the compliance risks with respect
to internet banking are being controlled as much as possible.
The reputation of banking firms is of the main factors attracting foreign and domestic
investors, and will ultimately influence the prices and quantities at which New Zealand can
access foreign and domestic savings. Considering the small size of NZ economy, the
willingness of foreign investors to provide funds into the domestic capital market is crucial.
Therefore, it gives the banks a stronger incentive to minimize their reputational risks. Those
risks are highly correlated with the level of banking firm’s protection for user privacy and
online security measures. In order to ensure the customer’s personal information and
transactions are well protected, the ANZ bank takes a variety of security measures: challenge
questions (three questions that customers set up with their own answers which help the bank
verify their identity), ANZ shield (a free security app for Android and iPhone which allows
customers to generate a one-time passcode known as a Shield Code to authenticate certain
ANZ Internet Banking payments and activities), SNS notifications, fraud detection system,
encryption (prevents unauthorized users from being able to change or read the customer’s
data), automatic time-outs, and ANZ internet banking guarantee (unauthorized transaction
claims of up to $10,000 will be reimbursed within five business days of receiving the
customer’s completed documentation) (ANZ, n.d.). In addition, ANZ has a contract with two
security software providers offering ANZ customers a 90 day free trial of premium security
software. After the trial, there is an option to purchase this software at a discounted rate
which is likely to add another layer of security control for internet banking services (ANZ,
n.d.). BNZ also uses encryption, automatic time-outs and fraud detection system (firewall) as
its main strategy to ensure online security and ultimately, to control reputational risks.
III. CONCLUSION
The last decade has seen dramatic technological development which led to much more
convenient, simplified ways of providing banking services through the internet. The internet
14
banking system has enabled bank customers to perform all sorts of transactions online and the
number of internet banking users around the globe is increasing every year. At the same time,
it implies the need for the banking firm’s enhanced, systematic risk management with respect
to internet banking as well as a greater source of potential risks caused by technological
investments. The comparison among each internet banking system in Korea, Indonesia, and
New Zealand indicate that banks in all the three countries particularly focus on managing
compliance risks and reputation risks by their own security measures and strict adherence to
regulations. It is notable that in Korea, some changes have been made to the Act which was
first enacted 1999 and this change in the regulation may work out as new opportunities for
risk management. To sum up, banking firms have devised various measures to minimize the
internet banking risks but there lies a limit in this ‘self-discipline’ even through a good
corporate finance. Therefore, a certain degree of regulatory intervention is highly required for
more enhanced risk management.
15
Bibliography
Acevedo, L. (n.d.). The Importance of E-banking in Business. Retrieved December 12, 2014,
from http://smallbusiness.chron.com/importance-ebanking-business-26188.html
Andreasson, K. (2013, January 1). Meeting The Cyber Security Challenge In Indonesia - An
Analysis Of Threats And Responses
ANZ Bank. (n.d.). How we protect you. Retrieved from http://www.anz.com/personal/ways-
bank/security/online-security/protect-you/
ASB Bank. (n.d.). Features at a glance. Retrieved from
https://www.asb.co.nz/Personal/Banking-with-ASB/Internet-banking/Features-at-a-glance
Canstar. (May 2013). New Zealand Online Banking. Auckalnd: Author.
Harrington, S., & Niehaus, G. (2004). Risk management and insurance (2nd ed., Vol. 1).
Boston: Irwin/McGraw-Hill.
Heidi Richards. (n.d.). Information Technology Risks. USA: Federal Reserve Board.
Indonesia Still Struggling With Electronic Fraud: BI - The Jakarta Globe. (2012, July 6).
Retrieved December 12, 2014, from http://thejakartaglobe.beritasatu.com/archive/indonesia-
still-struggling-with-electronic-fraud-bi/
Indonesian Banking Survey 2013. (2013, January 1). Retrieved December 12, 2014, from
http://www.pwc.com/id/en/publications/assets/pwc-indonesia-banking-survey-2013.pdf
Internet Banking (E-banking). (2008). Retrieved from http://www.worldjute.com/ebank.html
Kim, H. et al. (2011). On the Security of Internet Banking in South Korea – a lesson in how
not to regulate security. University of Oxford.
Kim, H., & Park, C. (2003). The Impact of Internet Banking on the Performance of the
Korean Banking Industry: An Empirical Analysis. Retrieved December 12, 2014, from
http://www.kdi.re.kr/upload/7036/VI_KimHyeonWook.pdf
Mandiri Internet FAQ. (n.d.). Retrieved December 12, 2014, from
http://bankmandiri.co.id/english/article/faq-ib.aspx
NCB Interpol Indonesia - Peranan Bank Indonesia Dalam Pencegahan Kejahatan Penipuan
Internet di Perbankan. (2013, January 2). Retrieved December 12, 2014, from
http://www.interpol.go.id/en/transnational-crime/cyber-crime/90-peranan-bank-indonesia-
dalam-pencegahan-kejahatan-penipuan-internet-di-perbankan
Nilai Transaksi Internet Banking Lebih Besar dari ATM dan Kartu Kredit. (2014, July 6).
Retrieved December 14, 2014, from http://sharingvision.com/2014/07/nilai-transaksi-
internet-banking-lebih-besar-dari-atm-dan-kartu-kredit/
Osunmuyiwa, O. (2013). Online Banking and the Risks Involved. Research Journal of
Information Technology 5: 50-54.
Ramakrishnan, G. (2001). Risk Management for Internet Banking.
16
Retrieved from http://www.isaca.org/JOURNAL/PAST-ISSUES/2001/VOLUME-
6/Pages/Risk-Management-for-Internet-Banking.aspx
Reserve Bank of New Zealand. (2004). Review of the regulation and performance of New
Zealand's major financial institutions. Retrieved from
https://www.rbnz .govt.nz/regulation_and_supervision/banks/relationships
The top five banks in Indonesia. (2013, December 5). Retrieved December 12, 2014, from
http://www.thebanker.com/Banker-Data/Bank-Trends/The-top-five-banks-in-Indonesia